Loughborough University
Browse

File(s) under permanent embargo

Reason: This item is currently closed access.

Information security policies in the UK healthcare sector: a critical evaluation

journal contribution
posted on 2012-07-26, 11:15 authored by Bernd Carsten Stahl, Neil Doherty, Mark Shaw
All organisations must take active steps to maintain the security and integrity of their information resources, and nowhere is this strategy more critical than in hospitals where issues of information accuracy and patient confidentiality are paramount. Of all the tools at the information security manager's disposal, none is more widely valued and used than the information security policy. Much research therefore concentrates on the way in which information security policies contribute to the protection of systems from internal and external threats. Such work is legitimate and important, but it often fails to explore alternative views of security and related policies. Against this backdrop, this paper seeks to provide novel insights into the role and purpose of information security policies by reviewing them through a critical theoretical lens. It presents the results of a critical discourse analysis which looked for evidence of ideology and hegemony within a sample of information security policies from the UK's National Health Service. The findings support the contention that an alternative description of information security policies from a critical perspective provides better insights into existing problems than most mainstream work. The paper concludes by discussing the implications of the findings and future research avenues.

History

School

  • Business and Economics

Department

  • Business

Citation

STAHL, B.C., DOHERTY, N. and SHAW, M., 2012. Information security policies in the UK healthcare sector: a critical evaluation. Information Systems Journal, 22 (1), pp. 77 - 94

Publisher

© Blackwell Publishing Ltd

Version

  • VoR (Version of Record)

Publication date

2012

Notes

This article is closed access, it was published in the serial Information Systems Journal [© Blackwell Publishing Ltd]. The definitive version is available at: http://onlinelibrary.wiley.com/doi/10.1111/j.1365-2575.2011.00378.x/abstract

ISSN

1350-1917

eISSN

1365-2575

Language

  • en